IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Hardware & Software M
Remarks
____________________________________________________________________ .........................................
S 4.23 Secure invocation of executable files
Initiation responsibility: IT Security Management, Administrators
Implementation responsibility: Administrator, IT users
Steps must be taken to ensure that only approved versions of executable files
and no modified versions that may have been introduced (especially Trojan
horses) are called up.
Therefore, the current directory (.) should not be included as a path in the
PATH variable. Executable files should only be held in the directories
intended for the purpose. Only the owner should have write access to the
directories contained in a PATH variable. This should be regularly checked. In
UNIX systems with an IFS variable, this should be set to the default value
(space, tab and newline) and, in particular, must not be set to "/".
Additional controls:
- Are the PATH entries checked regularly?
- Are executable files scattered around the system?
- Are the procedures for executable files known to the users?
- Is the integrity of the relevant configuration files verified regularly (e.g.
with Tripwire or USEIT)?
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000
Current directory not in
the search path